class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest users

    if user.role? :administrator
      can :read, :users
      can :write, :users
      can :manage, :roles
    elsif user.persisted?
      can :read, :users
    end
  end
end